Configure IIS6 for Wildcard Cert
row118
2007-06-30, 04:52 AM
w2k3 standard: IIS6: No control panel
I have a wildcard certificate for *.domain.com. The cert is installed fine and works for domain.com, but when I configure subdomains, sites go down. Here's the picture.
Desc                     Identifier  Host Header         IP
Default site (disabled)  1                               72.1.1.100
Primary                  1001        Domain.com          72.1.1.100
                                     www.domain.com
Portal                   2001        Portal.domain.com   72.1.1.100
Webmail                  3001        Wemail.domain.com   72.1.1.100
I'm using the following command but get "file not found" at command prompt:
ADSUTIL.VBS SET <SecureBindings> ":443:domain.com" ":443:www.domain.com" ":443:webmail.domain.com" ":443:portal.domain.com"
I've already printed contracts for https://www.domain.com/payments, so I can't remove SSL from it, although it's not needed.
Can anyone help?
I'm taking a guess here because I've not used a wildcard certificate myself, but I'm betting each subdomain needs its own IP address. I know when you have multiple certificates each needs its own, so I'm betting it's the same with a wildcard certificate and subdomains like you're doing.
KyleMulligan
2007-06-30, 16:52 PM
I'm taking a guess here because I've not used a wildcard certificate myself, but I'm betting each subdomain needs its own IP address. I know when you have multiple certificates each needs its own, so I'm betting it's the same with a wildcard certificate and subdomains like you're doing.
Yes, a wildcard cert still requires a unique IP address for each common name.
row118
2007-07-01, 07:14 AM
Thanks. I was confused by "Starting Windows 2003 SP1, you will be able to configure SSL with your host header websites".
Thanks. I was confused by "Starting Windows 2003 SP1, you will be able to configure SSL with your host header websites".
Hmmm, I can see why you would be confused, according to:
http://msmvps.com/blogs/bernard/archive/2005/05/25/48852.aspx
It appears you can use a wildcard cert without multiple IPs.
row118
2007-07-01, 14:15 PM
In fact, I had been reading the same blog to which you refer. A blog by MVPs. But their explanations are sometimes cryptic. For instance,
For each wildcard host header *.domain.com you need one IP, and you will have ONE site. Since you have 400 sites with different domain URL, you will need 400 IPs if you want to utilize this feature.
You can use host header to host 400 sites with 1 IP. But for *.domain.com to work for that, we need to skip the host header and listen on the IP only. Hence, you are referring 400 *.domain.com sites and you need 400 IPs in a way. One way to skip the IP is, configure *.domain.com for that 400 domains, then when request hit the default page of the ONE site, using scripting to dynamic parse the URI then redirect to a proper site or virtual directory.
First it sounds as if you do in fact need a separate IP for each subdomain, but the second para opens, "You can use host header to host 400 sites with 1 IP".
In fact, I had been reading the same blog to which you refer. A blog by MVPs. But their explanations are sometimes cryptic. For instance,
First it sounds as if you do in fact need a separate IP for each subdomain, but the second para opens, "You can use host header to host 400 sites with 1 IP".
Well, you can use 1 IP for 400 sites with host headers, but not with SSL unless this wildcard thing works. But it also states at the end he has not tested it, so I think he was just thinking that it should work in theory.
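
An added example, not part of any post in this thread and not taken from the linked blog: the SecureBindings command from the first post written in the form adsutil.vbs accepts, one call per site. It assumes Windows Server 2003 SP1 or later, the *.domain.com certificate already assigned to every site, and adsutil.vbs in its default AdminScripts folder; the site identifiers and host names are the ones given in the first post.

```bat
@echo off
rem Added example. Assumptions: Windows Server 2003 SP1 or later, the same
rem *.domain.com certificate already assigned to sites 1001, 2001 and 3001,
rem and adsutil.vbs in its default location.
cd /d %SystemDrive%\Inetpub\AdminScripts

rem SecureBindings is a per-site metabase property, so each call names the
rem site by its identifier: /w3svc/<identifier>/SecureBindings.
rem The path is typed literally. cmd.exe treats < and > as redirection
rem operators, so a literal "<SecureBindings>" never reaches the script.

rem Primary site answers for two host names, so it gets two bindings.
cscript //nologo adsutil.vbs set /w3svc/1001/SecureBindings ":443:domain.com" ":443:www.domain.com"

rem One binding each for the portal and webmail sites.
cscript //nologo adsutil.vbs set /w3svc/2001/SecureBindings ":443:portal.domain.com"
cscript //nologo adsutil.vbs set /w3svc/3001/SecureBindings ":443:webmail.domain.com"

rem Read the values back to confirm what was written for each site.
for %%S in (1001 2001 3001) do (
    echo Site %%S:
    cscript //nologo adsutil.vbs get /w3svc/%%S/SecureBindings
)
```

Every name bound this way has to be covered by the one certificate, because the server presents the certificate before it sees the Host header; *.domain.com covers www, portal and webmail but not a deeper name such as a.b.domain.com.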